Mercurial > hg > nginx
comparison src/http/v2/ngx_http_v2_filter_module.c @ 7569:80359395b345
HTTP/2: traffic-based flood detection.
With this patch, all traffic over an HTTP/2 connection is counted in
the h2c->total_bytes field, and payload traffic is counted in
the h2c->payload_bytes field. As long as total traffic is many times
larger than payload traffic, we consider this to be a flood.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Wed, 18 Sep 2019 20:28:12 +0300 |
parents | 99257b06b0bd |
children | a7a77549265e |
comparison
equal
deleted
inserted
replaced
7568:2e61e4b6bcd9 | 7569:80359395b345 |
---|---|
1875 stream->node->id, frame); | 1875 stream->node->id, frame); |
1876 | 1876 |
1877 stream->request->header_size += NGX_HTTP_V2_FRAME_HEADER_SIZE | 1877 stream->request->header_size += NGX_HTTP_V2_FRAME_HEADER_SIZE |
1878 + frame->length; | 1878 + frame->length; |
1879 | 1879 |
1880 h2c->payload_bytes += frame->length; | |
1881 | |
1880 ngx_http_v2_handle_frame(stream, frame); | 1882 ngx_http_v2_handle_frame(stream, frame); |
1881 | 1883 |
1882 ngx_http_v2_handle_stream(h2c, stream); | 1884 ngx_http_v2_handle_stream(h2c, stream); |
1883 | 1885 |
1884 return NGX_OK; | 1886 return NGX_OK; |
1928 "http2:%ui PUSH_PROMISE frame %p was sent", | 1930 "http2:%ui PUSH_PROMISE frame %p was sent", |
1929 stream->node->id, frame); | 1931 stream->node->id, frame); |
1930 | 1932 |
1931 stream->request->header_size += NGX_HTTP_V2_FRAME_HEADER_SIZE | 1933 stream->request->header_size += NGX_HTTP_V2_FRAME_HEADER_SIZE |
1932 + frame->length; | 1934 + frame->length; |
1935 | |
1936 h2c->payload_bytes += frame->length; | |
1933 | 1937 |
1934 ngx_http_v2_handle_frame(stream, frame); | 1938 ngx_http_v2_handle_frame(stream, frame); |
1935 | 1939 |
1936 ngx_http_v2_handle_stream(h2c, stream); | 1940 ngx_http_v2_handle_stream(h2c, stream); |
1937 | 1941 |
2022 "http2:%ui DATA frame %p was sent", | 2026 "http2:%ui DATA frame %p was sent", |
2023 stream->node->id, frame); | 2027 stream->node->id, frame); |
2024 | 2028 |
2025 stream->request->header_size += NGX_HTTP_V2_FRAME_HEADER_SIZE; | 2029 stream->request->header_size += NGX_HTTP_V2_FRAME_HEADER_SIZE; |
2026 | 2030 |
2031 h2c->payload_bytes += frame->length; | |
2032 | |
2027 ngx_http_v2_handle_frame(stream, frame); | 2033 ngx_http_v2_handle_frame(stream, frame); |
2028 | 2034 |
2029 ngx_http_v2_handle_stream(h2c, stream); | 2035 ngx_http_v2_handle_stream(h2c, stream); |
2030 | 2036 |
2031 return NGX_OK; | 2037 return NGX_OK; |
2034 | 2040 |
2035 static ngx_inline void | 2041 static ngx_inline void |
2036 ngx_http_v2_handle_frame(ngx_http_v2_stream_t *stream, | 2042 ngx_http_v2_handle_frame(ngx_http_v2_stream_t *stream, |
2037 ngx_http_v2_out_frame_t *frame) | 2043 ngx_http_v2_out_frame_t *frame) |
2038 { | 2044 { |
2039 ngx_http_request_t *r; | 2045 ngx_http_request_t *r; |
2046 ngx_http_v2_connection_t *h2c; | |
2040 | 2047 |
2041 r = stream->request; | 2048 r = stream->request; |
2042 | 2049 |
2043 r->connection->sent += NGX_HTTP_V2_FRAME_HEADER_SIZE + frame->length; | 2050 r->connection->sent += NGX_HTTP_V2_FRAME_HEADER_SIZE + frame->length; |
2051 | |
2052 h2c = stream->connection; | |
2053 | |
2054 h2c->total_bytes += NGX_HTTP_V2_FRAME_HEADER_SIZE + frame->length; | |
2044 | 2055 |
2045 if (frame->fin) { | 2056 if (frame->fin) { |
2046 stream->out_closed = 1; | 2057 stream->out_closed = 1; |
2047 } | 2058 } |
2048 | 2059 |